LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-27-2020, 05:13 AM   #1
starbearer
LQ Newbie
 
Registered: Jan 2020
Posts: 22

Rep: Reputation: Disabled
Encrypting FileSystem on the fly


I am relatively new to the quirks of filesystem encryption on Linux.

Earlier a file system used to be encrypted using Bitlocker on WIndows for our systems, but we are migrating to Linux now, and some requirements are different.

Ordinarily the recommendation is to use dm-crypt, with LUKS to provilde a salt. However, couple of things -

1. The decision to encrypt a file system will only be known when data may already be on the disk...
2. The booting of system needs to be silent, without any manual input of credential.

As I understand, using dm-crypt on the fly, to encrypt an existing FS will cause data deletion, perhaps there is a way to prevent it, but I am not aware of it.

Another issue is that system is set to boot automatically, with LUKS, it'll expect, I assume, the key or password either manually, or in the form of a USB inserted, or in a TPM module, which is not there on the system.

Could someone advise how I can go about encrypting an existing file system on the fly without data deletion, and somehow deal with a silent reboot...?
The system is expected to run CentOs.
 
Old 10-27-2020, 05:49 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 15,598

Rep: Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116Reputation: 5116
what is the goal (of an encryption) if you can boot the system without any manual input?
To make an encrypted disk you need to save your data, encrypt it and restore the content (as far as I know).
 
Old 10-27-2020, 06:18 AM   #3
starbearer
LQ Newbie
 
Registered: Jan 2020
Posts: 22

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
what is the goal (of an encryption) if you can boot the system without any manual input?
To make an encrypted disk you need to save your data, encrypt it and restore the content (as far as I know).
Perhaps a bit noob-ish from my side, so let me ask -

1. If TPM is on the system, as I understand it, it would hold the passphrase or key, which LUKS can possibly use to decrypt or allow access to disk, and a quiet boot?

2. As I understand the first step, at least in dm-crypt is to fill the filesystem with zeroes, which deletes whatever may be there on that filesystem. Is this step essential? And is there any other encryption utility which would not be required to do this, while still achieving reasonable levels of encryption and security?

Drive encryption with BitLocker does not delete data, but block-level encryption with LUKS does...I'm not sure what is the difference between the two.

If alternatives could be suggested, I am open to those as well...Essentially I am interested in encrypting certain partitions without deleting pre-existing data and a quiet boot.

Last edited by starbearer; 10-27-2020 at 06:32 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Encrypting root filesystem fails ChrisAbela Slackware 2 06-06-2013 08:47 AM
LXer: CrazyFlie 6-DOF Review Fly away now, fly away LXer Syndicated Linux News 0 04-20-2013 01:12 AM
Encrypting a Remote Samba Filesystem dragonfly-uk Linux - Networking 4 03-02-2013 03:17 AM
Encrypting an existing filesystem? Canadakid Linux - Security 6 01-10-2007 06:27 AM
Encrypting filesystem ImpactDNI Linux - Security 3 03-26-2005 11:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration